Once you receive the email with your certificate, follow the below
instructions to install your EBIZID SSL Certificate.
| There are TWO certificates that need to be installed during
this process. The first is the "Site" certificate, contained in the email
from EBIZID. The second is the "Bundled intermediate certificate" |
Install
the Intermediate Certificates
You will need to install the
chain certificates (intermediates) in order for browsers to trust
your certificate. As well as your SSL certificate.
UTNAddTrustServerCA.crt
AddTrustExternalCARoot.crt
-----BEGIN CERTIFICATE-----
MIAGCSqGSIb3DQEHAqCAMIACAQExADALBgkqhkiG9w0BBwGggDCCAmowggHXAhAF
(.......)
K99c42ku3QrlX2+KeDi+xBG2cEIsdSiXeQS/16S36ITclu4AADEAAAAAAAAA
-----END CERTIFICATE-----
Installing certificates from EBIZID
After you obtain an x509 certificate for the SSL Accelerator, you must copy it onto each BIG-IP Controller in the redundant configuration. You can configure the accelerator with certificates using the Configuration utility or from the command line.
To install certificates using the Configuration utility
In the navigation pane, click Proxies. The Proxies screen opens.
On Proxies screen, click the Install SSL Certificate Request tab. The Install SSL Certificate screen opens.
In the Certfile Name box, type the fully qualified domain name of the server with the file extension .crt. If you generated a temporary certificate when you submitted a request to the certificate authority, you can select the name of the certificate from the drop down list. This allows you to overwrite the temporary certificate with the certificate from the certificate authority.
Paste the text of the certificate into the install SSL Certificate window. Make sure you include the BEGIN CERTIFICATE line and the END CERTIFICATE line.
Click the Write Certificate File button to install the certificate.
To install certificates from the certificate authority using the command line
Copy the certificate into the following directory on each BIG-IP Controller in a redundant system:
/config/bigconfig/ssl.crt/
Note: The certificate you receive should overwrite the temporary certificate generated by genkey or gencert.
If you used the genkey or gencert utilities to generate the request file, a copy of the corresponding key should already be in the following directory on the BIG-IP Controller:
/config/bigconfig/ssl.key/
To install the intermediate certificate using the command line
Copy the intermediate CA certificate into each BIG-IP Controller in a redundant system. Open the intermediate CA certificate sent to you in the zip file attached to your email with a text editor.
Cut and paste the entire text of the certificate, including the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines, into a file named intermediate-ca.crt. Be careful not to include any leading or trailing whitespace before the beginning and ending hyphens.
Place the intermediate-ca.crt file in the directory /config/bigconfig/ssl.crt/
Note: The ssl.crt directory is used to store certificates and certificate authorities.
WARNING:In a redundant system, the keys and certificates must be in place on both controllers before you configure the SSL Accelerator. You must do this manually; the configuration synchronization utilities do not perform this function.
| Save your virtual
host file and restart Apache. |
| An alternative to the above installation procedure is to
install the certificates through a command line in apache. |
|
